Package: exim4
Version: 4.63-8
Severity: normal

Hello,

recently I came across the following bit of code in the source file
exim4-4.63/src/pcre/pcre.c (function compile_branch, around line 3355):

    /* Condition to test for a numbered subpattern match. We know that
    if a digit follows ( then there will just be digits until ) because
    the syntax was checked in the first pass. */

    else if ((digitab[ptr[1]] && ctype_digit) != 0)
    ...

This is a programming error. The test for digits works by taking the
bitwise (not logical) and between the corresponding entry in 'digitab'
and the mask 'ctype_digit'. The if test should use '&' instead of '&&'.

The code (including the bug) is duplicated in the file "pcre_compile.c"
around line 2822.

I did not check what the implications of this error are (false
positives only could occur if 'ptr[1]' is a hex digit and these might
be caught earlier in the syntax check?) but probably this should be
fixed anyway.

I hope this helps,
Jochen

-- Package-specific info:
Exim version 4.63 #1 built 23-Oct-2006 19:07:51
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September 6, 2005)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.1
Locale: LANG=en_GB.iso885915, LC_CTYPE=en_GB.iso885915 (charmap=ISO-8859-15)

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]   1.5.8    Debian configuration management sy
ii  exim4-base              4.63-8   support files for all exim MTA (v4
ii  exim4-daemon-light      4.63-8   lightweight exim MTA (v4) daemon

exim4 recommends no packages.

-- debconf information excluded
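
The difference between the two operators in the reported test, as an added example that is not part of the original report and is not Exim or PCRE source. The flag values and the contents of the table are assumptions modelled on the report's description (decimal digits carry both flags, hex letters only the hex-digit flag); the function names are hypothetical.

```c
#include <stdio.h>

/* Assumed flag values and table layout, modelled on the report's wording. */
#define ctype_digit  0x04
#define ctype_xdigit 0x08

static unsigned char digitab[256];   /* zero-initialised: no flags set */

static void init_digitab(void)
{
    for (int c = '0'; c <= '9'; c++) digitab[c] = ctype_digit | ctype_xdigit;
    for (int c = 'a'; c <= 'f'; c++) digitab[c] = ctype_xdigit;
    for (int c = 'A'; c <= 'F'; c++) digitab[c] = ctype_xdigit;
}

/* The test as quoted in the report: logical AND. Because ctype_digit is a
   non-zero constant, this reduces to "digitab[c] != 0". */
static int is_digit_logical(unsigned char c)
{
    return (digitab[c] && ctype_digit) != 0;
}

/* The test the report proposes: bitwise AND against the mask. */
static int is_digit_bitwise(unsigned char c)
{
    return (digitab[c] & ctype_digit) != 0;
}

/* Store every byte value on which the two tests disagree in out
   (room for 257 bytes needed) and return how many there are. */
static int collect_mismatches(char *out)
{
    int n = 0;
    init_digitab();
    for (int c = 0; c < 256; c++)
        if (is_digit_logical((unsigned char)c) != is_digit_bitwise((unsigned char)c))
            out[n++] = (char)c;
    out[n] = '\0';
    return n;
}

int main(void)
{
    char diff[257];
    int n = collect_mismatches(diff);
    printf("%d bytes accepted as digits only by '&&': %s\n", n, diff);
    return 0;
}
```

Under these assumptions the two tests differ only for the hex letters, which matches the report's guess about where false positives could occur.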